hacktricks/mobile-pentesting/ios-pentesting/burp-configuration-for-ios.md

138 lines
8.7 KiB
Markdown
Raw Normal View History

2022-06-06 22:28:05 +00:00
# Burp Suite Configuration for iOS
2022-04-28 16:01:33 +00:00
<details>
2022-12-11 19:30:44 +00:00
<summary><a href="https://www.twitch.tv/hacktricks_live/schedule"><strong>🎙️ HackTricks LIVE Twitch</strong></a> <strong>Wednesdays 5.30pm (UTC) 🎙️ -</strong> <a href="https://www.youtube.com/@hacktricks_LIVE"><strong>🎥 Youtube 🎥</strong></a></summary>
2022-04-28 16:01:33 +00:00
2022-09-30 10:27:15 +00:00
* Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
2022-12-11 19:30:44 +00:00
* **Share your hacking tricks by submitting PRs to the** [**hacktricks repo**](https://github.com/carlospolop/hacktricks) **and** [**hacktricks-cloud repo**](https://github.com/carlospolop/hacktricks-cloud).
2022-04-28 16:01:33 +00:00
</details>
2022-12-11 19:30:44 +00:00
<img src="../../.gitbook/assets/image (10) (2).png" alt="" data-size="original">
2022-06-06 22:28:05 +00:00
2022-09-27 00:18:19 +00:00
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
2022-04-28 16:01:33 +00:00
2022-09-27 00:18:19 +00:00
{% embed url="https://www.syncubes.com/" %}
2022-06-06 22:28:05 +00:00
## Burp Cert Installation in physical iOS
2021-05-13 17:53:07 +00:00
2021-11-30 16:46:07 +00:00
You can install [**Burp Mobile Assistant**](https://portswigger.net/burp/documentation/desktop/tools/mobile-assistant/installing) **for help installing the Burp Certificate, configure the proxy and perform SSL Pinning.**\
2022-04-05 22:24:52 +00:00
Or you can manually follow the next steps:
2021-05-13 18:33:03 +00:00
2022-06-06 22:28:05 +00:00
* Configure **Burp** as the iPhone **proxy in \_Settings**_\*\* --> \*\*_**Wifi**_\*\* --> \*\*_**Click the network**_\*\* --> \*\*_**Proxy**\_
2021-05-13 18:06:06 +00:00
* Access `http://burp` and download the certificate
* Access _**Setting**_ --> _**Profile Downloaded**_ and **Install** it (you will be asked your code)
* Access _**Settings**_ --> _**General**_ --> _**About**_ --> _**Certificate Trust Settings**_ and enable PortSwigger CA
2021-05-13 17:53:07 +00:00
2022-06-06 22:28:05 +00:00
### Setting up an Interception Proxy via localhost
Setting up Burp to proxy your traffic is pretty straightforward. We assume that both your iOS device and host computer are connected to a Wi-Fi network that permits client-to-client traffic. If client-to-client traffic is not permitted, you can use usbmuxd to connect to Burp via USB.
PortSwigger provides a good [tutorial on setting up an iOS device to work with Burp](https://support.portswigger.net/customer/portal/articles/1841108-configuring-an-ios-device-to-work-with-burp) and a [tutorial on installing Burp's CA certificate to an iOS device](https://support.portswigger.net/customer/portal/articles/1841109-installing-burp-s-ca-certificate-in-an-ios-device).
2022-06-06 22:28:05 +00:00
#### Using Burp via USB on a Jailbroken Device
When doing dynamic analysis, it's interesting to use the SSH connection to route our traffic to Burp that is running on our computer. Let's get started:
First we need to use **iproxy** to make SSH from iOS available on localhost.
```bash
$ iproxy 2222 22
waiting for connection
```
The next step is to make a remote port forwarding of port 8080 on the iOS device to the localhost interface on our computer to port 8080.
```bash
ssh -R 8080:localhost:8080 root@localhost -p 2222
```
2021-11-30 16:46:07 +00:00
You should now be able to reach Burp on your iOS device. Open Safari on iOS and go to **127.0.0.1:8080** and you should see the Burp Suite Page. This would also be a good time to [install the CA certificate](https://support.portswigger.net/customer/portal/articles/1841109-installing-burp-s-ca-certificate-in-an-ios-device) of Burp on your iOS device.
The last step would be to set the proxy globally on your iOS device:
1. Go to **Settings** -> **Wi-Fi**
2. Connect to _any_ Wi-Fi (you can literally connect to any Wi-Fi as the traffic for port 80 and 443 will be routed through USB, as we are just using the Proxy Setting for the Wi-Fi so we can set a global Proxy)
3. Once connected click on the small blue icon on the right side of the connect Wi-Fi
4. Configure your Proxy by selecting **Manual**
5. Type in 127.0.0.1 as **Server**
6. Type in 8080 as **Port**
2022-06-06 22:28:05 +00:00
### Full Network Monitoring/Sniffing
If you need to **monitor something different from HTTP communications** you can sniff all the device traffic with **wireshark**.\
You can remotely sniff all traffic in real-time on iOS by [creating a Remote Virtual Interface](https://stackoverflow.com/questions/9555403/capturing-mobile-phone-traffic-on-wireshark/33175819#33175819) for your iOS device. First make sure you have **Wireshark** **installed** on your macOS host computer.
1. **Connect** your iOS device to your macOS host computer via USB.
2. You would need to know the **UDID of your iOS device**, before you can start sniffing. Open the Terminal on macOS and enter the following command, filling in the UDID of your iOS device.
```bash
$ rvictl -s <UDID>
Starting device <UDID> [SUCCEEDED] with interface rvi0
```
1. Launch **Wireshark** and select "**rvi0**" as the capture interface.
2. Filter the traffic with Capture Filters in Wireshark to display what you want to monitor (for example, all HTTP traffic sent/received via the IP address 192.168.1.1).
```
ip.addr == 192.168.1.1 && http
```
![](<../../.gitbook/assets/image (472).png>)
The documentation of Wireshark offers many examples for [Capture Filters](https://wiki.wireshark.org/CaptureFilters) that should help you to filter the traffic to get the information you want.
2022-06-06 22:28:05 +00:00
## Burp Cert Installation in Simulator
* **Export Burp Certificate**
In _Proxy_ --> _Options_ --> _Export CA certificate_ --> _Certificate in DER format_
![](<../../.gitbook/assets/image (459).png>)
* **Drag and Drop** the certificate inside the Emulator
* **Inside the emulator** go to _Settings_ --> _General_ --> _Profile_ --> _PortSwigger CA_, and **verify the certificate**
* **Inside the emulator** go to _Settings_ --> _General_ --> _About_ --> _Certificate Trust Settings_, and **enable PortSwigger CA**
![](<../../.gitbook/assets/image (460).png>)
**Congrats, you have successfully configured the Burp CA Certificate in the iOS simulator**
{% hint style="info" %}
**The iOS simulator will use the proxy configurations of the MacOS.**
{% endhint %}
2022-06-06 22:28:05 +00:00
### MacOS Proxy Configuration
Steps to configure Burp as proxy:
2021-11-30 16:46:07 +00:00
* Go to _System Preferences_ --> _Network_ --> _Advanced_
* In _Proxies_ tab mark _Web Proxy (HTTP)_ and _Secure Web Proxy (HTTPS)_
* In both options configure _127.0.0.1:8080_
![](<../../.gitbook/assets/image (461).png>)
* Click on _**Ok**_ and the in _**Apply**_
2022-04-28 16:01:33 +00:00
2022-12-11 19:30:44 +00:00
<img src="../../.gitbook/assets/image (10) (2).png" alt="" data-size="original">
2022-06-06 22:28:05 +00:00
2022-09-27 00:18:19 +00:00
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
2022-06-06 22:28:05 +00:00
2022-09-27 00:18:19 +00:00
{% embed url="https://www.syncubes.com/" %}
2022-04-28 16:01:33 +00:00
<details>
2022-12-11 19:30:44 +00:00
<summary><a href="https://www.twitch.tv/hacktricks_live/schedule"><strong>🎙️ HackTricks LIVE Twitch</strong></a> <strong>Wednesdays 5.30pm (UTC) 🎙️ -</strong> <a href="https://www.youtube.com/@hacktricks_LIVE"><strong>🎥 Youtube 🎥</strong></a></summary>
2022-04-28 16:01:33 +00:00
2022-09-30 10:27:15 +00:00
* Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
2022-12-11 19:30:44 +00:00
* **Share your hacking tricks by submitting PRs to the** [**hacktricks repo**](https://github.com/carlospolop/hacktricks) **and** [**hacktricks-cloud repo**](https://github.com/carlospolop/hacktricks-cloud).
2022-04-28 16:01:33 +00:00
</details>